Al1ne3737 & Mizaru Hack, Leak and/or Deface 6 Municipal Government Websites Across Brasil

No photo description available.

To close out the work week, over the course of the last 48 hours various members belonging the “New World Hackers” group announced the hack and/or leak and/or defacement of 8 websites across Brasil. To be more specific, implicated in the hacks/leaks featured below are the Town Hall of Pedra Azul, Municipal Town Hall of Tocos do Moji, Municipal Town Hall of Solidao, Municipal Town Hall of Bezzerros, Municipal Town Hall of São José da Coroa Grande, the Intermunicipal Consortium of Environmental Sanitation – Midwest division, CÂMARA DE VEREADORES DE MATO CASTELHANO and the Municipal Water and Sewage Service of São Leopoldo (SEMAE). Two New World Hackers known as “Al1ne3737” and “Mizaru” have claimed responsibility for the breaches.

Exposed within the hack of CÂMARA DE VEREADORES DE MATO CASTELHANO are login user names and passwords of two website administrators, granting access to two site databases containing information on site users, including telephone numbers, addresses, website user names and passwords – etc. In addition to the hack/leak, the website was also defaced. In fact, as of the evening hours of January 25th 2019, the website still remains in its defaced position. Additionally, in a message attached to the hack, “Al1ne3737” stated “The voice of none is stronger than the voice of one. Your website has been hacked because your security is very week. Your website is vulnerable to SQL Injection, so please fix.

Alvo: hxxp://camaramatocastelhano.rs.gov.br/
Leak: https://ghostbin.com/paste/7zqj8
Deface: http://www.zone-h.org/mirror/id/32159540?hz=1

Screen Shot of Deface:

No photo description available.

Exposed in the leak of the Consórcio Intermunicipal de Saneamento Ambiental – Meio Oeste are the login emails addresses and passwords of 3 website administrators, granting full access to the websites back-end – including 3 site databases. In a message attached to the hack, “Al1ne3737” sarcastically asked the rhetorical question “Do I Look Like Someone Who Has A Plan?” The website itself was also defaced and as of the evening hours of January 25th 2019, still remains in its defaced condition. A screen shot of the deface is provided below.

Alvo: hxxp://cisam.sc.gov.br/
Leak: https://ghostbin.com/paste/m3htj
Deface: http://www.cisam.sc.gov.br/leis/al1ne3737.html

Screen Shot of Deface: 

No photo description available.

Most notably implicated in the leak of the Prefeitura de Pedra Azul are the user names, passwords and email addresses of 10 website administrators, including the sites Head Web Master – granting full access to the back-end of the website and all of its contents.

Alvo: hxxp://www.pedraazul.mg.gov.br/
Leak: https://ghostbin.com/paste/h3k6o

Exposed in the leak of Prefeitura Municipal de Tocos do Moji are the login user names and password of two site administrators, once again offering full access to the back-end of the website and all of its content. The email addresses and Federal CPF numbers of 5 other administrators can also be found in the leaked data provided below.

Alvo: hxxp://www.tocosdomoji.mg.gov.br/
Leak:  https://ghostbin.com/paste/6pu5f

Exposed in the leak of the Prefeitura Municipal de Solidão are the personal email addresses and encrypted passwords of 19 politicians used to login into their official Government accounts through the municipalities online web portal.

Alvo: hxxp://solidao.pe.gov.br/
Leak: https://ghostbin.com/paste/wq6k5

Exposed in the leak of the Prefeitura Municipal – Prefeitura de Bezerros are the user names and passwords of two site administrators, granting access to a singular site database attached to the websites back-end containing information on all of the sites PHP files, as well as other miscellaneous information.

Alvo: hxxp://www.bezerros.pe.gov.br/
Leak: https://ghostbin.com/paste/oyeyb

Exposed in the leak of the Prefeitura Municipal de São José da Coroa Grande are the usernames and passwords of 6 website administrators, granting access to a singular database containing information such as internal user logs, notices, calendars, telephone numbers – etc.

Alvo: hxxp://www.saojosedacoroagrande.pe.gov.br/
Leak: https://ghostbin.com/paste/rc8uz

Exposed within a hack of the Serviço Municipal de Água e Esgotos de São Leopoldo (SEMAE) are the emails, usernames and passwords of 5 website administrators, granting access to a database containing all of the companies online information, including contacts, customer/clients lists and internal documents/memos.

Alvo: hxxp://www.semae.rs.gov.br/
Leak: https://ghostbin.com/paste/cnn6j

Browse Through All The Leaks:

NWH_Leaks



Categories: Hacking News

Tags: , , , , , , , , , ,

Leave a Reply

Your email address will not be published.

Do NOT follow this link or you will be banned from the site!
%d bloggers like this: